What are potential vulnerabilities in PHP code that can lead to external attacks on a system?
One potential vulnerability in PHP code that can lead to external attacks is SQL injection. This occurs when user input is directly concatenated into SQL queries, allowing attackers to manipulate the query and potentially access or modify sensitive data. To prevent SQL injection, developers should use parameterized queries or prepared statements to sanitize user input before using it in SQL queries.
// Using prepared statements to prevent SQL injection
$stmt = $pdo->prepare('SELECT * FROM users WHERE username = :username AND password = :password');
$stmt->bindParam(':username', $username);
$stmt->bindParam(':password', $password);
$stmt->execute();
Keywords
Related Questions
- What are the benefits of using a Mailer class in PHP for sending emails instead of the built-in mail function?
- What are the best practices for displaying and managing assigned and unassigned customers in a selectbox in PHP?
- What are the potential advantages and disadvantages of storing data in arrays within PHP source code compared to retrieving data from a MySQL database?